North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: User negligence?

  • From: Kandra Nygårds
  • Date: Sun Jul 27 04:05:50 2003

From: "Sean Donelan" <[email protected]>

> Unfortunately there are a lot, and growing number, of self-infected PCs
> on the net.  As the banks point out, this is not a breach of the bank's
> security. Nor is it a breach of the ISP's security.  The user infects
> his PC with a trojan and then the criminal uses the PC to transfer money
> from the user's account, with the user's own password.

Banks use passwords for authentication? That's what scares me.

Personally, I find it terrifying that banks allow such weak authentication
as a password for financial transactions. To the best of my knowledge, all
banks around here use a smartcard based system. It might be a bit more
inconvenient, but the added security makes it well worth it, in my opinion.

It may not be a breach of the bank's security as such, but the measures they
take in order to protect their customers' money is in my opinion so low
that, IMHO, they are the ones guilty of negligence.